From: Yasuyuki Kozakai Date: Fri, 22 Jun 2007 21:10:22 +0000 (-0700) Subject: [NETFILTER]: nfctnetlink: Don't allow to change helper X-Git-Tag: v2.6.22-rc6~2^2~9 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e2d8e314ad18d4302b3b7ea21ab8b2cb72f2b152;p=linux-2.6 [NETFILTER]: nfctnetlink: Don't allow to change helper There is no realistic situation to change helper (Who wants IRC helper to track FTP traffic ?). Moreover, if we want to do that, we need to fix race issue by nfctnetlink and running helper. That will add overhead to packet processing. It wouldn't pay. So this rejects the request to change helper. The requests to add or remove helper are accepted as ever. Signed-off-by: Yasuyuki Kozakai Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index 3f73327794..d0fe3d7698 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -869,8 +869,7 @@ ctnetlink_change_helper(struct nf_conn *ct, struct nfattr *cda[]) return 0; if (help->helper) - /* we had a helper before ... */ - nf_ct_remove_expectations(ct); + return -EBUSY; /* need to zero data of old helper */ memset(&help->help, 0, sizeof(help->help));